JWT and KONG with custom authorizations

Published 2019-06-06 20:32

Question:

I went through this tutorial on KONG https://getkong.org/plugins/jwt/

I have an understanding of JWT and authorization concepts. I have prototyped JWT with Spring Boot, where I could put my own key/value in the token like this: {"authorizations":"role_admin, role_user"}.

It is easy to do that in Spring Boot, but I am not able to find information on how to do this with KONG. Does anyone have any info about it?

Answer 1:

Kong Community Edition can handle only the authentication process (give or deny access to a customer).

The authorization process (what a given customer can do in your application) is handled by your application or by the oauth2 introspection plugin, https://getkong.org/plugins/ee-oauth2-introspection/, which is Enterprise Edition only.

You can write your own authorization server based on the X-Consumer-Username request header (set if the user passed authentication) or on the original token header proxied by Kong.

Hope this helps.



Answer 2:

The Kong JWT plugin does not support sending custom payload parameters to the upstream API. It does, however, seem like you can use this plugin (I have not tested it):

https://github.com/wshirey/kong-plugin-jwt-claims-headers

Update:

If you set Kong to forward all headers, you'll get the raw Authorization header with the JWT token. So you could base64-decode the JWT token and pull out the claims/payload parameters you need manually in your service.
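The approach from the update above (and the X-Consumer-Username idea from the first answer), as an added example that is not part of the original answers and is not Kong's own code: an upstream service written in Python that only honours the claim after Kong's JWT plugin has authenticated the request, then base64url-decodes the payload segment and reads the custom `authorizations` claim. It assumes Kong forwards the Authorization header unchanged, that the service is reachable only through Kong (otherwise X-Consumer-Username could be spoofed), and that the `authorizations` claim is a comma-separated list as in the question. The HS256 secret, consumer name and token are constructed for the demo; the optional re-verification step is extra defence in depth for services that hold the consumer's secret, not something Kong requires.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional, Set


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_hs256_token(payload: dict, secret: bytes) -> str:
    # Constructed for the demo only: stands in for the token a client would present to Kong.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def extract_roles(headers: Dict[str, str], secret: Optional[bytes] = None) -> Set[str]:
    """Return the roles listed in the token's 'authorizations' claim.

    Raises PermissionError unless the request carries Kong's X-Consumer-Username
    header (set only after the JWT plugin authenticated the consumer) and a
    well-formed bearer token.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    if not h.get("x-consumer-username"):
        raise PermissionError("request was not authenticated by Kong")

    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise PermissionError("missing or malformed bearer token")
    header_seg, payload_seg, sig_seg = token.split(".")

    if secret is not None:
        # Optional defence in depth: re-check the HS256 signature with the consumer's secret
        # (assumed to be shared with this service). Kong already did this check before proxying.
        expected = hmac.new(secret, f"{header_seg}.{payload_seg}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_seg)):
            raise PermissionError("token signature does not match")

    claims = json.loads(b64url_decode(payload_seg))
    raw = claims.get("authorizations", "")
    # Claim format from the question: "role_admin, role_user"
    return {role.strip() for role in raw.split(",") if role.strip()}


def require_role(headers: Dict[str, str], role: str, secret: Optional[bytes] = None) -> bool:
    return role in extract_roles(headers, secret)


def demo() -> Set[str]:
    # Constructed request as Kong would forward it after a successful JWT check.
    secret = b"constructed-demo-secret"
    token = make_hs256_token({"iss": "demo-consumer-key", "authorizations": "role_admin, role_user"}, secret)
    headers = {"X-Consumer-Username": "demo-consumer", "Authorization": "Bearer " + token}
    return extract_roles(headers, secret)


if __name__ == "__main__":
    print(sorted(demo()))
```

The check on X-Consumer-Username is what ties the decoded claim back to Kong's authentication: a token that never passed the JWT plugin reaches the service without that header and is rejected before any claim is read.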



Tags: jwt kong